Have you eaten in the past couple of years at a Checkers or Rally’s drive-in restaurant? Well, keep an eye on your credit and debit card statements. The company that owns the chains across the United States has discovered malware in the card payment systems in some restaurants. In some cases the malware has been there as far back as 2016. The company said this week card readers in most outlets are safe, but not at 83 Checkers and 19 Rally’s restaurants. The malware could allow hackers to to steal the personal data on the black stripe on the back of credit and debit cards. So far the company doesn’t have a list of who has been victimized. You’ll know if you’ve been hit if there are suspicious payments on your credit card statement. But criminals can also use the data to open new accounts. You can get a free credit report from some agencies that will help you make sure you’re not a victim. There’s a link to the Checkers statement here.

This wouldn’t have happened had American businesses and payment card companies switched consumers faster to chip and pin cards where you insert your card in the bottom of a reader, or tap it. As I’ve said before, if you can, don’t swipe your card when paying for things.

For organizations hesitating to increase their cyber security spending, here’s a fact to keep in mind: This week the city of Baltimore estimated it will take at least $10 million to clean up the mess caused by a recent ransomware attack. On top of that it might lose $8 million in lost or delayed revenue. Ransomware can be stopped with effective software patching, backup and access control over computers and servers.

Another example of a clumsy staffer leaving sensitive data open on the Internet has been discovered. A security company called vpnMentor says it found 84 gigabytes of data belonging to the Pyramid Hotel Group, which does systems management for hotels. The data found isn’t personal information; almost as bad, it’s hotel security logs that could be helpful to a hacker. It’s another example of why companies have to tighten server access control and the way staff handle data.

Attention WordPress administrators: Someone has been mucking around with the WordPress Live Chat Support plugin, which allows people to talk to support staff. This bug could allow a hacker to squeeze into a WordPress site and cause all sorts of havoc. If you use this plugin, make sure you have the latest patch installed. More details on this are here.

Attention Linux administrators: A security firm called Intezer has discovered a new piece of Linux malware aimed at remotely taking over a server. They call it HiddenWasp. To avoid being stung make sure servers have strict access control, and block access to certain command and control internet addresses. Intezer has more information in this blog.

Finally, I covered a Canadian parliamentary hearing on privacy problems yesterday. Officials from Amazon, Microsoft and Twitter said they do a lot to protect your privacy. Well, an official from Mozilla, which makes the Firefox browser, said it will soon come with the ability to block web sites from collecting information that tracks you as you go from site to site. You can turn off tracking on most browsers. Firefox will soon come with that as the default setting. That will be welcome.

That’s it for Cyber Security Today. Links to details about these stories can be found in the text version of each podcast at ITWorldCanada.com. That’s where you’ll also find my news stories aimed at businesses and cyber security professionals. Cyber Security Today can be heard on Mondays, Wednesdays and Fridays. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks for listening. I’m Howard Solomon

Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomedia [@] gmail.com